Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2012-1149
Last Modified 02 Dec 2014 09:59:45
Published 21 Jun 2012 11:55:11
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1149

Summary

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.

Vulnerable Systems

Application

  • Apache OpenOffice.org 3.3

  • Apache OpenOffice.org 3.4

  • LibreOffice 3.3.0

  • LibreOffice 3.3.1

  • LibreOffice 3.3.2

  • LibreOffice 3.3.3

  • LibreOffice 3.3.4

  • LibreOffice 3.4.0

  • LibreOffice 3.4.1

  • LibreOffice 3.4.2

  • LibreOffice 3.4.5

  • LibreOffice 3.5

  • LibreOffice 3.5.2


References

BID - 53570

OSVDB - 81988

CONFIRM - http://www.openoffice.org/security/cves/CVE-2012-1149.html

MANDRIVA - MDVSA-2012:091

MANDRIVA - MDVSA-2012:090

DEBIAN - DSA-2487

DEBIAN - DSA-2473

SECTRACK - 1027068

SECUNIA - 49392

SECUNIA - 49373

SECUNIA - 47244

SECUNIA - 46992

REDHAT - RHSA-2012:0705

FEDORA - FEDORA-2012-8042

FEDORA - FEDORA-2012-8114

BUGTRAQ - 20120516 CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object

XF - openoffice-vclmi-bo(75692)

SECUNIA - 49140

GENTOO - GLSA-201209-05

SECUNIA - 50692

GENTOO - GLSA-201408-19

SECUNIA - 60799

CONFIRM - http://www.libreoffice.org/advisories/cve-2012-1149/

Related Patches

Red Hat 2012:0705-01 RHSA Important: openoffice.org security update for RHEL 5 x86

Red Hat 2012:0705-01 RHSA Important: openoffice.org security update for RHEL 5 x86_64

Novell SUSE 2012:6003 libreoffice-345 security update for SLED 11 SP1 x86_64

Novell SUSE 2012:6003 libreoffice-345 security update for SLED 11 SP1 i586

Novell SUSE 2012:8022 libreoffice-345 security update for SLED 10 SP4 i586

Novell SUSE 2012:8022 libreoffice-345 security update for SLED 10 SP4 x86_64


Last Updated: 27 May 2016 10:56:34